CYBER SECURITY
What is Phishing?
Phishing is a type of social engineering attack often used to steal user
data, including login credentials and credit card numbers. It occurs when
an attacker, masquerading as a trusted entity, dupes a victim into opening
an email, instant message, or text message. The recipient is then tricked
into clicking a malicious link, which can lead to the installation of
malware, the freezing of the system as part of a ransomware attack or the
revealing of sensitive information. An attack can have devastating results.
For individuals, this includes unauthorized purchases, the stealing of
funds, or identity theft. Moreover, phishing is often used to gain a
foothold in corporate or governmental networks as a part of a larger
attack, such as an advanced persistent threat (APT) event. In this latter
scenario, employees are compromised in order to bypass security
perimeters, distribute malware inside a closed environment, or gain
privileged access to secured data. An organization succumbing to such an
attack typically sustains severe financial losses in addition to declining
market share, reputation, and consumer trust. Depending on scope, a
phishing attempt might escalate into a security incident from which a
business will have a difficult time recovering.

Enabling macros by clicking the 'Enable Content' command unleashes
malicious VBA code that begins the process of dropping a version of the
Ursnif malware which researchers say was only recently compiled, on
July 25th, indicating how recently this latest incarnation was developed.
Once installed on a system, the malware runs a number of "iexplorer.exe"
processes that repeatedly appear and disappear.
Phishing Techniques
Email phishing scams
Email phishing is a numbers game. An attacker sending out thousands of
fraudulent messages can net significant information and sums of money,
even if only a small percentage of recipients fall for the scam. As seen
above, there are some techniques attackers use to increase their success
rates. For one, they will go to great lengths in designing phishing
messages to mimic actual emails from a spoofed organization. Using the
same phrasing, typefaces, logos, and signatures makes the messages
appear legitimate. In addition, attackers will usually try to push users into
action by creating a sense of urgency. For example, as previously shown,
an email could threaten account expiration and place the recipient on a
timer. Applying such pressure causes the user to be less diligent and more
prone to error. Lastly, links inside messages resemble their legitimate
counterparts, but typically have a misspelled domain name or extra
sub-domains.
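As an added illustration of the lookalike-link tactic just described (example code, not part of the original slides), the Python script below scans a constructed sample message and, against an assumed list of the organisation's real domains, flags links whose domain is a misspelling of a trusted one or which bury the trusted domain inside extra sub-domains of an attacker-controlled host.

```python
import re
from urllib.parse import urlparse

# Constructed sample message with three links: one genuine, one that hides the
# brand inside extra sub-domains, and one with a misspelled (typosquatted) domain.
SAMPLE_EMAIL = """Your account will expire in 24 hours.
Review at https://www.example-bank.com/login or
https://www.example-bank.com.account-verify.net/login and
https://www.examp1e-bank.com/login to keep access."""

TRUSTED_DOMAINS = {"example-bank.com"}  # assumed list of the organisation's real domains

def registered_domain(host):
    """Last two labels of a hostname. Simplification: ignores multi-part public
    suffixes such as co.uk, which a real checker would handle with a suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return 'trusted', 'lookalike-subdomain', 'lookalike-misspelled' or 'untrusted'."""
    host = (urlparse(url).hostname or "").lower()
    reg = registered_domain(host)
    if reg in trusted:
        return "trusted"
    for t in trusted:
        # Trusted domain appears as whole labels inside a host whose registered
        # domain actually belongs to someone else, e.g. brand.com.other-site.net.
        if "." + t + "." in "." + host + ".":
            return "lookalike-subdomain"
        if edit_distance(reg, t) <= max_edits:
            return "lookalike-misspelled"
    return "untrusted"

def scan_message(text):
    """Extract every http(s) link in the message body and classify it."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return [(u, classify_url(u)) for u in urls]
```

Running `scan_message(SAMPLE_EMAIL)` yields the verdicts trusted, lookalike-subdomain and lookalike-misspelled for the three links in order, which is the kind of signal a mail gateway or user-facing link preview can surface before anyone clicks.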
How to prevent phishing?
Phishing attack protection requires steps be taken by both users and
enterprises.
For enterprises, a number of steps can be taken to mitigate both phishing
and spear phishing attacks:
Two-factor authentication (2FA) is the most effective method for
countering phishing attacks, as it adds an extra verification layer
when logging in to sensitive applications. 2FA relies on users having
two things: something they know, such as a password and user name,
and something they have, such as their smartphones. Even when
employees are compromised, 2FA prevents the use of their
compromised credentials, since these alone are insufficient to gain
entry.
Example for 2FA.